I need to restrict a specific Unix user so that it can log in with only a few select postgres usernames (with password prompt), while allowing every other user to use whatever pg username they want.

Assuming restrUnixUser is the Unix user name, restrUser is one of the postgres users it may use, and AllowedDB is the only database they should connect to:

pg_hba.conf:

local   AllowedDB       restrUser        password
local   all             restrUser        reject
local   all             all              ident map=exceptrestrUser

And pg_ident.conf:

exceptrestrUser      /^(?!restrUnixUser).*$       user1
exceptrestrUser      /^(?!restrUnixUser).*$       user2
exceptrestrUser      /^(?!restrUnixUser).*$       postgres

does exactly what I want right now. However, I'll probably add a lot more users, so I wonder if there is something like

mapname unixuserpattern allpgusers

that'll match whatever username is used to log in by any Unix user matching the pattern.
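
The posted rules can be checked offline with a small model of how a `pg_hba.conf` line is chosen (first match decides) and how the ident map is then consulted. This is an added example, not part of the original post; `decide` and `map_allows` are hypothetical helper names, and Python's `re` is assumed to treat this pattern the same way PostgreSQL's regex engine does.

```python
import re

# Rules copied from the question's pg_hba.conf: (type, database, user, method, map).
HBA = [
    ("local", "AllowedDB", "restrUser", "password", None),
    ("local", "all", "restrUser", "reject", None),
    ("local", "all", "all", "ident", "exceptrestrUser"),
]
# Lines copied from the question's pg_ident.conf: (map, system user, pg user).
IDENT = [
    ("exceptrestrUser", "/^(?!restrUnixUser).*$", "user1"),
    ("exceptrestrUser", "/^(?!restrUnixUser).*$", "user2"),
    ("exceptrestrUser", "/^(?!restrUnixUser).*$", "postgres"),
]

def map_allows(map_name, os_user, pg_user):
    """True if some line of the map pairs os_user with pg_user."""
    for name, sys_pat, pg_name in IDENT:
        if name != map_name or pg_name != pg_user:
            continue
        if sys_pat.startswith("/"):
            # A leading slash marks a regular expression on the system user name.
            if re.search(sys_pat[1:], os_user):
                return True
        elif sys_pat == os_user:
            return True
    return False

def decide(os_user, database, pg_user):
    """Outcome of a local connection: the first matching pg_hba line decides."""
    for _type, db, user, method, map_name in HBA:
        if db not in ("all", database) or user not in ("all", pg_user):
            continue
        if method == "ident":
            return "ok" if map_allows(map_name, os_user, pg_user) else "denied"
        return method  # "password" or "reject"
    return "denied"  # no matching line: connection refused

if __name__ == "__main__":
    # Constructed sample connections: (Unix user, database, pg user).
    for case in [("restrUnixUser", "AllowedDB", "restrUser"),
                 ("restrUnixUser", "AllowedDB", "user1"),
                 ("alice", "otherdb", "user1"),
                 ("alice", "otherdb", "user3"),
                 ("restrUnixUser2", "otherdb", "user1")]:
        print(case, "->", decide(*case))
```

The `user3` case shows why every additional database user needs its own map line with this layout, and the `restrUnixUser2` case shows that the lookahead also excludes any Unix user whose name merely starts with `restrUnixUser`.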